<?php
class User {

	public $username;
	public $password;

	public $error_msg ;
	private $key = "25myFm#@";
	private $magic_quotes_active;
	private $real_escape_string_exists;
	
	protected $user_errors = array(

	USERNAME_MISS_MATCH 	=> "Invaild username.",
	PASSWORD_MISS_MATCH  	=> "Invaild password.",
	EMPTY_USER 				=> "User does not exist, plaease create new user first!.",
	);
	
  function __construct() {
		$this->magic_quotes_active = get_magic_quotes_gpc();
		$this->real_escape_string_exists = function_exists( "mysql_real_escape_string" );
  }
	
	public function authenticate($username="", $password="") {
		
		
		$username = $this->escape_value($username);
		$password = $this->escape_value($password);
		$password = md5($password.$this->key);
		
		$data = self::read_file();
		if(!empty($data)){
//			echo "authen not empty data";
			$username_data = $data[0];
			$password_data = $data[1];
			
			if($username_data == $username){
				if($password_data == $password){
					$this->username = $username;
					return true;
				}else{
					//Password miss match
					$this->error_msg = $this->user_errors['PASSWORD_MISS_MATCH'];
					return false;
				}
			}else{
				//Username miss match.
				$this->error_msg = $this->user_errors['USERNAME_MISS_MATCH'];
				return false;
			}
		}else{
			//Empy user, create first.
//			echo "authen empty data";
			$this->error_msg = $this->user_errors['EMPTY_USER'];
			$_SESSION['empty_user'] = true;
			return false;
		}
		
				
	}
	
	public function escape_value( $value ) {
		if( $this->real_escape_string_exists ) { // PHP v4.3.0 or higher
			// undo any magic quote effects so mysql_real_escape_string can do the work
			if( $this->magic_quotes_active ) { $value = stripslashes( $value ); }
			$value = $value;
		} else { // before PHP v4.3.0
			// if magic quotes aren't already on then add slashes manually
			if( !$this->magic_quotes_active ) { $value = addslashes( $value ); }
			// if magic quotes are active, then the slashes already exist
		}
		return $value;
	}
	
	
	private function compare_password($new_pass, $old_pass){
		$data = $this->read_file();
		$username = $data[0];
		$password = $data[1];
		
	}
	
	public function create_user($username, $password){
		$username = $this->escape_value($username);
		$password = $this->escape_value($password);
		$password = md5($password.$this->key);
		
		return ($this->write_file($username, $password));
	}
	
	private static function read_file(){
		$strFileName = "myfile";
//		$row = 1;
		if (($handle = fopen($strFileName, "r")) !== FALSE) {	
//			while (($data = fgetcsv($handle, 0, ",")) !== FALSE) {
//				$num = count($data);
//				echo "<p> $num fields in line $row: <br /></p>\n";
//				$row++;
//				for ($c=0; $c < $num; $c++) {
//					echo $data[$c] . "<br />\n";
//				}
//			}
			$data = fgetcsv($handle, 0, ",");
			//echo "<script>alert(".$data.")</script>";
			fclose($handle);
			return $data;
		}
		return array();
	}
	
	private function write_file($username, $password){
		$user_data = array($username, $password);
		
		$fp = fopen('myfile', 'w');
//		foreach ($list as $fields) {
		if(fputcsv($fp, $user_data)){
			$this->username = $username;
			fclose($fp);
			return true;
		}	
//		}
		fclose($fp);
		return false;
	}
	
	public function change_password($new_pass, $old_pass){
		$old_password = $this->escape_value($old_pass);
		$old_password = md5($old_password.$this->key);
		
		$data = self::read_file();
		if(!empty($data)){
			$username_data = $data[0];
			$password_data = $data[1];
//			echo $old_password;
			//var_dump($password_data);
			//var_dump($old_password);
			if($old_password == $password_data){
				//Old password is match then,
				//write new password to myfile. 
				return $this->write_file($username_data, md5($new_pass.$this->key));
			}else{
				//Old password miss match.
//				echo "Old password miss match";
				return false;
			}
		}
	}
	
	
	public static function is_have_user(){
		$data = self::read_file();
		return (!empty($data));
	}
	
	
}